Hi everybody,

A few days ago I committed new code to upgrade the current features of recon.
Today I want to add two new features that also modify the current SQL
schema; this means that people using the current development version (3.0) MUST
upgrade their SQL immediately. We should not modify SQL code at this stage,
but these features really need this, and I think we really need, at least,
one of them. Since I need to modify SQL, the second feature could also be
added easily.

As always, the file
/pandora_console/extras/pandoradb_migrate_v2.x_to_v3.0.sql contains the changes
to make in SQL in order to go to the latest 3.0 version. These are the new SQL
statements (they also include some SQL cleanup code removing unused fields from
the 2.x version):

ALTER TABLE trecon_task ADD `recon_ports` varchar(250) NOT NULL default '';
ALTER TABLE tagente ADD `cascade_protection` tinyint(2) NOT NULL default '0';
ALTER TABLE tagente ADD `posx` double(12,2) default NULL;
ALTER TABLE tagente ADD `posy` double(12,2) default NULL;
ALTER TABLE tagente ADD `posz` double(12,2) default NULL;
ALTER TABLE tagente DROP id_wmi_server;
ALTER TABLE tagente DROP id_network_server;
ALTER TABLE tagente DROP id_plugin_server;
ALTER TABLE tagente DROP id_prediction_server;

Note that the first one is for the recon feature added one week ago.

So, what are the new features?

I've called it "cascade_protection" and it's used to disable alert execution
on the applied agent if its parent has any kind of problem (a critical
module, or a fired alert). This means that if your router is going down,
you don't get a shower of alerts. This is a very easy way to implement
cascade alert protection and could be combined with correlation in order to
make a very effective alert management system. Of course, you first need to
define a parent for each agent.

The second feature, probably not finished for a few months, is to
implement a physical map visualization/navigation using GPS coordinates
embedded in agents.

I'd prefer to hear any comments or suggestions before committing something
that could break current execution; I'll wait a few days.

--
Regards,
Sancho Lerena
Technical Director
http://www.artica.es
c/ Silva 2, 1. 28013 Madrid
Tel. +34-91-559-7222
Mov. +34-627-934-649
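
The cascade protection rule described in the message above, as an added example that is not part of the original post and not Pandora's own code. All `Agent` fields other than `cascade_protection`, and all agent names, are assumptions; only the direct parent is checked, as the message describes.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Agent:
    name: str
    parent: Optional[str] = None      # assumed field: name of the parent agent
    cascade_protection: bool = False  # mirrors the new tagente.cascade_protection flag
    critical_modules: int = 0         # assumed field: modules currently critical
    fired_alerts: int = 0             # assumed field: alerts currently fired

def has_problem(agent: Agent) -> bool:
    """A 'problem' as the message defines it: a critical module or a fired alert."""
    return agent.critical_modules > 0 or agent.fired_alerts > 0

def should_execute_alert(name: str, agents: Dict[str, Agent]) -> bool:
    """Return False only when cascade protection applies to this agent."""
    agent = agents[name]
    if not agent.cascade_protection or agent.parent is None:
        return True                   # flag off, or no parent defined
    parent = agents.get(agent.parent)
    if parent is None:
        return True                   # unknown parent: never suppress silently
    return not has_problem(parent)

def suppressed_agents(agents: Dict[str, Agent]) -> List[str]:
    """Agents that have a problem of their own but whose alerts are held back."""
    return sorted(n for n, a in agents.items()
                  if has_problem(a) and not should_execute_alert(n, agents))

# Constructed sample inventory: a router outage takes two hosts with it.
SAMPLE = {a.name: a for a in [
    Agent("router", critical_modules=1),
    Agent("web01", parent="router", cascade_protection=True, critical_modules=2),
    Agent("db01", parent="router", cascade_protection=False, critical_modules=1),
    Agent("core"),
    Agent("sw2", parent="core", cascade_protection=True, critical_modules=1),
    Agent("lost", parent="decommissioned", cascade_protection=True, critical_modules=1),
]}

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:7} execute alert: {should_execute_alert(name, SAMPLE)}")
    print("suppressed:", suppressed_agents(SAMPLE))
```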